mirror of
https://github.com/klezVirus/CVE-2021-40444.git
synced 2024-11-21 13:00:48 +00:00
Re-adding the server dir
This commit is contained in:
parent
f2090f1d70
commit
7562cfa66a
3 changed files with 379 additions and 2 deletions
4
.gitignore
vendored
4
.gitignore
vendored
|
@ -2,7 +2,7 @@ venv
|
||||||
out
|
out
|
||||||
test
|
test
|
||||||
srv
|
srv
|
||||||
|
.idea
|
||||||
|
__pycache__
|
||||||
template/sample4-nw.html
|
template/sample4-nw.html
|
||||||
!srv/index.html
|
!srv/index.html
|
||||||
.idea
|
|
||||||
__pycache__
|
|
|
@ -102,6 +102,7 @@ def generate_payload(payload, server_url, basename, copy_to=None):
|
||||||
# Checking ephemeral directories
|
# Checking ephemeral directories
|
||||||
tmp_path.mkdir(exist_ok=True)
|
tmp_path.mkdir(exist_ok=True)
|
||||||
cab_path.mkdir(exist_ok=True)
|
cab_path.mkdir(exist_ok=True)
|
||||||
|
srv_path.mkdir(exist_ok=True)
|
||||||
|
|
||||||
print(f' [>] Payload: {payload}')
|
print(f' [>] Payload: {payload}')
|
||||||
print(f' [>] HTML/CAB Hosting Server: {server_url}')
|
print(f' [>] HTML/CAB Hosting Server: {server_url}')
|
||||||
|
|
376
srv/index.html
Normal file
376
srv/index.html
Normal file
|
@ -0,0 +1,376 @@
|
||||||
|
|
||||||
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
||||||
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||||
|
<!--
|
||||||
|
Modified from the Debian original for Ubuntu
|
||||||
|
Last updated: 2016-11-16
|
||||||
|
See: https://launchpad.net/bugs/1288690
|
||||||
|
-->
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
|
||||||
|
<title>Apache2 Ubuntu Default Page: It works</title>
|
||||||
|
<style type="text/css" media="screen">
|
||||||
|
* {
|
||||||
|
margin: 0px 0px 0px 0px;
|
||||||
|
padding: 0px 0px 0px 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
body, html {
|
||||||
|
padding: 3px 3px 3px 3px;
|
||||||
|
|
||||||
|
background-color: #D8DBE2;
|
||||||
|
|
||||||
|
font-family: Verdana, sans-serif;
|
||||||
|
font-size: 11pt;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.main_page {
|
||||||
|
position: relative;
|
||||||
|
display: table;
|
||||||
|
|
||||||
|
width: 800px;
|
||||||
|
|
||||||
|
margin-bottom: 3px;
|
||||||
|
margin-left: auto;
|
||||||
|
margin-right: auto;
|
||||||
|
padding: 0px 0px 0px 0px;
|
||||||
|
|
||||||
|
border-width: 2px;
|
||||||
|
border-color: #212738;
|
||||||
|
border-style: solid;
|
||||||
|
|
||||||
|
background-color: #FFFFFF;
|
||||||
|
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.page_header {
|
||||||
|
height: 99px;
|
||||||
|
width: 100%;
|
||||||
|
|
||||||
|
background-color: #F5F6F7;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.page_header span {
|
||||||
|
margin: 15px 0px 0px 50px;
|
||||||
|
|
||||||
|
font-size: 180%;
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.page_header img {
|
||||||
|
margin: 3px 0px 0px 40px;
|
||||||
|
|
||||||
|
border: 0px 0px 0px;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.table_of_contents {
|
||||||
|
clear: left;
|
||||||
|
|
||||||
|
min-width: 200px;
|
||||||
|
|
||||||
|
margin: 3px 3px 3px 3px;
|
||||||
|
|
||||||
|
background-color: #FFFFFF;
|
||||||
|
|
||||||
|
text-align: left;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.table_of_contents_item {
|
||||||
|
clear: left;
|
||||||
|
|
||||||
|
width: 100%;
|
||||||
|
|
||||||
|
margin: 4px 0px 0px 0px;
|
||||||
|
|
||||||
|
background-color: #FFFFFF;
|
||||||
|
|
||||||
|
color: #000000;
|
||||||
|
text-align: left;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.table_of_contents_item a {
|
||||||
|
margin: 6px 0px 0px 6px;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.content_section {
|
||||||
|
margin: 3px 3px 3px 3px;
|
||||||
|
|
||||||
|
background-color: #FFFFFF;
|
||||||
|
|
||||||
|
text-align: left;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.content_section_text {
|
||||||
|
padding: 4px 8px 4px 8px;
|
||||||
|
|
||||||
|
color: #000000;
|
||||||
|
font-size: 100%;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.content_section_text pre {
|
||||||
|
margin: 8px 0px 8px 0px;
|
||||||
|
padding: 8px 8px 8px 8px;
|
||||||
|
|
||||||
|
border-width: 1px;
|
||||||
|
border-style: dotted;
|
||||||
|
border-color: #000000;
|
||||||
|
|
||||||
|
background-color: #F5F6F7;
|
||||||
|
|
||||||
|
font-style: italic;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.content_section_text p {
|
||||||
|
margin-bottom: 6px;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.content_section_text ul, div.content_section_text li {
|
||||||
|
padding: 4px 8px 4px 16px;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.section_header {
|
||||||
|
padding: 3px 6px 3px 6px;
|
||||||
|
|
||||||
|
background-color: #8E9CB2;
|
||||||
|
|
||||||
|
color: #FFFFFF;
|
||||||
|
font-weight: bold;
|
||||||
|
font-size: 112%;
|
||||||
|
text-align: center;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.section_header_red {
|
||||||
|
background-color: #CD214F;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.section_header_grey {
|
||||||
|
background-color: #9F9386;
|
||||||
|
}
|
||||||
|
|
||||||
|
.floating_element {
|
||||||
|
position: relative;
|
||||||
|
float: left;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.table_of_contents_item a,
|
||||||
|
div.content_section_text a {
|
||||||
|
text-decoration: none;
|
||||||
|
font-weight: bold;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.table_of_contents_item a:link,
|
||||||
|
div.table_of_contents_item a:visited,
|
||||||
|
div.table_of_contents_item a:active {
|
||||||
|
color: #000000;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.table_of_contents_item a:hover {
|
||||||
|
background-color: #000000;
|
||||||
|
|
||||||
|
color: #FFFFFF;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.content_section_text a:link,
|
||||||
|
div.content_section_text a:visited,
|
||||||
|
div.content_section_text a:active {
|
||||||
|
background-color: #DCDFE6;
|
||||||
|
|
||||||
|
color: #000000;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.content_section_text a:hover {
|
||||||
|
background-color: #000000;
|
||||||
|
|
||||||
|
color: #DCDFE6;
|
||||||
|
}
|
||||||
|
|
||||||
|
div.validator {
|
||||||
|
}
|
||||||
|
</style>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div class="main_page">
|
||||||
|
<div class="page_header floating_element">
|
||||||
|
<img src="/icons/ubuntu-logo.png" alt="Ubuntu Logo" class="floating_element"/>
|
||||||
|
<span class="floating_element">
|
||||||
|
Apache2 Ubuntu Default Page
|
||||||
|
</span>
|
||||||
|
</div>
|
||||||
|
<!-- <div class="table_of_contents floating_element">
|
||||||
|
<div class="section_header section_header_grey">
|
||||||
|
TABLE OF CONTENTS
|
||||||
|
</div>
|
||||||
|
<div class="table_of_contents_item floating_element">
|
||||||
|
<a href="#about">About</a>
|
||||||
|
</div>
|
||||||
|
<div class="table_of_contents_item floating_element">
|
||||||
|
<a href="#changes">Changes</a>
|
||||||
|
</div>
|
||||||
|
<div class="table_of_contents_item floating_element">
|
||||||
|
<a href="#scope">Scope</a>
|
||||||
|
</div>
|
||||||
|
<div class="table_of_contents_item floating_element">
|
||||||
|
<a href="#files">Config files</a>
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
-->
|
||||||
|
<div class="content_section floating_element">
|
||||||
|
|
||||||
|
|
||||||
|
<div class="section_header section_header_red">
|
||||||
|
<div id="about"></div>
|
||||||
|
It works!
|
||||||
|
</div>
|
||||||
|
<div class="content_section_text">
|
||||||
|
<p>
|
||||||
|
This is the default welcome page used to test the correct
|
||||||
|
operation of the Apache2 server after installation on Ubuntu systems.
|
||||||
|
It is based on the equivalent page on Debian, from which the Ubuntu Apache
|
||||||
|
packaging is derived.
|
||||||
|
If you can read this page, it means that the Apache HTTP server installed at
|
||||||
|
this site is working properly. You should <b>replace this file</b> (located at
|
||||||
|
<tt>/var/www/html/index.html</tt>) before continuing to operate your HTTP server.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
|
||||||
|
<p>
|
||||||
|
If you are a normal user of this web site and don't know what this page is
|
||||||
|
about, this probably means that the site is currently unavailable due to
|
||||||
|
maintenance.
|
||||||
|
If the problem persists, please contact the site's administrator.
|
||||||
|
</p>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
<div class="section_header">
|
||||||
|
<div id="changes"></div>
|
||||||
|
Configuration Overview
|
||||||
|
</div>
|
||||||
|
<div class="content_section_text">
|
||||||
|
<p>
|
||||||
|
Ubuntu's Apache2 default configuration is different from the
|
||||||
|
upstream default configuration, and split into several files optimized for
|
||||||
|
interaction with Ubuntu tools. The configuration system is
|
||||||
|
<b>fully documented in
|
||||||
|
/usr/share/doc/apache2/README.Debian.gz</b>. Refer to this for the full
|
||||||
|
documentation. Documentation for the web server itself can be
|
||||||
|
found by accessing the <a href="/manual">manual</a> if the <tt>apache2-doc</tt>
|
||||||
|
package was installed on this server.
|
||||||
|
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
The configuration layout for an Apache2 web server installation on Ubuntu systems is as follows:
|
||||||
|
</p>
|
||||||
|
<pre>
|
||||||
|
/etc/apache2/
|
||||||
|
|-- apache2.conf
|
||||||
|
| `-- ports.conf
|
||||||
|
|-- mods-enabled
|
||||||
|
| |-- *.load
|
||||||
|
| `-- *.conf
|
||||||
|
|-- conf-enabled
|
||||||
|
| `-- *.conf
|
||||||
|
|-- sites-enabled
|
||||||
|
| `-- *.conf
|
||||||
|
</pre>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<tt>apache2.conf</tt> is the main configuration
|
||||||
|
file. It puts the pieces together by including all remaining configuration
|
||||||
|
files when starting up the web server.
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
<tt>ports.conf</tt> is always included from the
|
||||||
|
main configuration file. It is used to determine the listening ports for
|
||||||
|
incoming connections, and this file can be customized anytime.
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
Configuration files in the <tt>mods-enabled/</tt>,
|
||||||
|
<tt>conf-enabled/</tt> and <tt>sites-enabled/</tt> directories contain
|
||||||
|
particular configuration snippets which manage modules, global configuration
|
||||||
|
fragments, or virtual host configurations, respectively.
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
They are activated by symlinking available
|
||||||
|
configuration files from their respective
|
||||||
|
*-available/ counterparts. These should be managed
|
||||||
|
by using our helpers
|
||||||
|
<tt>
|
||||||
|
a2enmod,
|
||||||
|
a2dismod,
|
||||||
|
</tt>
|
||||||
|
<tt>
|
||||||
|
a2ensite,
|
||||||
|
a2dissite,
|
||||||
|
</tt>
|
||||||
|
and
|
||||||
|
<tt>
|
||||||
|
a2enconf,
|
||||||
|
a2disconf
|
||||||
|
</tt>. See their respective man pages for detailed information.
|
||||||
|
</li>
|
||||||
|
|
||||||
|
<li>
|
||||||
|
The binary is called apache2. Due to the use of
|
||||||
|
environment variables, in the default configuration, apache2 needs to be
|
||||||
|
started/stopped with <tt>/etc/init.d/apache2</tt> or <tt>apache2ctl</tt>.
|
||||||
|
<b>Calling <tt>/usr/bin/apache2</tt> directly will not work</b> with the
|
||||||
|
default configuration.
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="section_header">
|
||||||
|
<div id="docroot"></div>
|
||||||
|
Document Roots
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="content_section_text">
|
||||||
|
<p>
|
||||||
|
By default, Ubuntu does not allow access through the web browser to
|
||||||
|
<em>any</em> file apart of those located in <tt>/var/www</tt>,
|
||||||
|
<a href="http://httpd.apache.org/docs/2.4/mod/mod_userdir.html" rel="nofollow">public_html</a>
|
||||||
|
directories (when enabled) and <tt>/usr/share</tt> (for web
|
||||||
|
applications). If your site is using a web document root
|
||||||
|
located elsewhere (such as in <tt>/srv</tt>) you may need to whitelist your
|
||||||
|
document root directory in <tt>/etc/apache2/apache2.conf</tt>.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
The default Ubuntu document root is <tt>/var/www/html</tt>. You
|
||||||
|
can make your own virtual hosts under /var/www. This is different
|
||||||
|
to previous releases which provides better security out of the box.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<div class="section_header">
|
||||||
|
<div id="bugs"></div>
|
||||||
|
Reporting Problems
|
||||||
|
</div>
|
||||||
|
<div class="content_section_text">
|
||||||
|
<p>
|
||||||
|
Please use the <tt>ubuntu-bug</tt> tool to report bugs in the
|
||||||
|
Apache2 package with Ubuntu. However, check <a
|
||||||
|
href="https://bugs.launchpad.net/ubuntu/+source/apache2"
|
||||||
|
rel="nofollow">existing bug reports</a> before reporting a new bug.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
Please report bugs specific to modules (such as PHP and others)
|
||||||
|
to respective packages, not to the web server itself.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
|
<div class="validator">
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue